Privacy Policy

Who we are

INGENISO STUDENT ACCOMMODATION (PTY) LTD

PRIVACY POLICY AND

POPIA ACT (Protection of Personal Information Act 4 of 2013)

  1. INTRODUCTION

1.1. Ingeniso Student Accommodation (Pty) Ltd (“the company”) is sensitive to the personal nature of the information you provide to us.

1.2. This privacy policy (“this Policy”) explains how we protect and use your Personal Information.

1.3. By providing us with your Personal Information, you:

1.3.1. Agree to this Policy and authorize us to process such information as set out herein; and

1.3.2. Authorize the company, our Service Providers and other third parties to Process your Personal Information for the purposes stated in this Policy.

1.4. The Company will not use your Personal Information for any other purpose than that set out in this Policy and will endeavor to protect your Personal Information that is in our possession from unauthorized alteration, loss, disclosure or access.

1.5. Please note that the Company may review and update this Policy from time to time. The latest version of this Policy is available on request.

1.6. This Policy applies to all external parties with whom we interact, including but not limited to individual clients, representatives of client organizations, visitors to our offices, and other users of our legal and related services (“you”). Defined terms used in this Policy are explained in “Annexure A”.

  1. COLLECTION OF PERSONAL INFORMATION

2.1. We may collect or obtain Personal Information about you:

2.1.1. directly from you, obtained from email; lease agreements and correspondence via email; telephone or fax;

2.1.2. during our relationship with you:

2.1.3. when you make your Personal Information public.

2.1.4. when you visit and/or interact with our website or our various social media platforms, if any.

2.1.5. when you register to use any of our services including but not limited to newsletters, seminars and WhatsApp groups or the like.

2.1.6. when you visit our offices.

2.2. We may also receive Personal Information about you from third parties (e.g., law enforcement authorities, financial institutes, tertiary institutes or any other bureau the company subscribes to in line with our day-to-day business).

2.3. In addition to the above, we may create Personal Information about you such as records of your communications and interactions with us.

  1. CATEGORIES OF PERSONAL INFORMATION WE MAY PROCESS

3.1. In terms of the Protection of Personal Information Act, 4 of 2013 (“POPIA”), the Company

may process the following categories of Personal Information about you:

3.1.1. Personal Details: name; and photograph.

3.1.2. Demographic Information: gender; date of birth / age; nationality; salutation; title; and language preferences.

3.1.3. Identifier Information: passport or national identity number; utility provider details; bank statements; tenancy agreements.

3.1.4. Contact Details: correspondence address; telephone number; email address; and details of your public social media profile(s).

3.1.5. Instruction Details: Personal Information included in correspondence, documents, evidence or other materials that we Process during providing services to you.

3.1.6. Attendance Records: details of meetings and other events organized by or on behalf of the company that you have attended.

3.1.7. Consent Records: records of any consent you may have given, together with the date and time, means of consent and any related information.

3.1.8. Payment Details: billing address; payment method; bank account number or credit card number; invoice records; payment records; SWIFT details; IBAN details; payment amount; payment date; and records of cheques; debit order payments.

3.1.9. Employer Details: where you interact with us in your capacity as an employee of an organization, the name, address, telephone number and email address of your employer, to the extent relevant.

  1. SENSITIVE PERSONAL INFORMATION

4.1. Where we need to Process your Sensitive Personal Information, we will do so in the ordinary course of our business, for a legitimate purpose, and in accordance with applicable law.

  1. PURPOSES OF PROCESSING AND LEGAL BASES FOR PROCESSING

5.1. The company will Process your Personal Information in the ordinary course of the business of the company. We will primarily use your Personal Information only for the purpose for which it was originally or primarily collected.

5.2. The Company will use your Personal Information for a secondary purpose only if such purpose constitutes a legitimate interest and is closely related to the original or primary purpose for which the Personal Information was collected. We may subject your Personal Information to Processing during various activities, including, without limitation, the following:

5.2.1. operating our business.

5.2.2. compliance with relevant legislation and law.

5.2.3. compliance with any other applicable law and fraud prevention; and/or

5.2.4. transfer of information to our Service Providers and other third parties.

5.3. We may process your Personal Information for relationship management and marketing purposes in relation to our services (including, but not limited to, Processing that is necessary for the development and improvement of our services), for accounts management, and for marketing activities to establish, maintain and/or improve our relationship with you and with our Service Providers. We may also analyze your Personal Information for statistical purposes.

5.4. We may process your Personal Information for internal management and management reporting purposes, including but not limited to conducting internal audits, conducting internal investigations, implementing internal business controls, providing central processing facilities, for insurance purposes and for management reporting analysis.

5.5. We may Process your Personal Information for safety and security purposes.

  1. DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES

6.1. We may disclose your Personal Information to our Associates and Service Providers, for legitimate business purposes, in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality.

6.2. In addition, we may disclose your Personal Information:

6.2.1. if required by law.

6.2.2. regulatory authorities, upon request, or for the purpose of reporting any actual or suspected breach of applicable law or regulation.

6.2.3. third party Operators (including, but not limited to, data processors such as providers of data hosting services and document review technology and services), located anywhere in the world, subject to 6.3.

6.2.4. where it is necessary for the purposes of, or in connection with, actual or threatened legal proceedings or establishment, exercise or defense of legal rights.

6.2.5. to any relevant party for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including, but not limited to, safeguarding against, and the prevention of threats to, public security; and/or

  1. DATA SECURITY

7.1. We will implement appropriate technical and organizational security measures to protect your Personal Information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, in accordance with applicable law.

7.2. Where there are reasonable grounds to believe that your Personal Information that is in our possession has been accessed or acquired by any unauthorized person, we will notify the relevant regulator and you, unless a public body responsible for detection, prevention or investigation of offences or the relevant regulator informs us that notifying you will impede a criminal investigation.

7.3. Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your Personal Information that is in our possession, we cannot guarantee the security of any information transmitted using the internet and we cannot be held liable for any loss of privacy occurring during such transmission.

  1. DATA ACCURACY

8.1. The Personal Information provided to the company should be accurate, complete and up to-date.

8.2. Should Personal Information change, the onus is on the provider of such data to notify the company of the change and provide the scheme with accurate data.

  1. DATA MINIMISATION

9.1. The company will restrict its processing of Personal Information to data which is sufficient for the fulfilment of the primary purpose and applicable legitimate purpose for which it was collected.

  1. DATA RETENTION

10.1. The company shall only retain and store Personal Information for the period for which the data is required to serve its primary purpose or a legitimate interest or for the period required to comply with an applicable legal requirement, whichever is longer.

  1. YOUR LEGAL RIGHTS

11.1. You may have rights under the South African and other laws to have access to your Personal Information and to ask us to rectify, erase and restrict use of your Personal Information. You may also have the right to object to your Personal Information being used, to ask for the transfer of Personal Information you have made available to us and to withdraw consent to the use of your Personal Information.

11.2. In instances where your Personal Information is processed pursuant to:

11.2.1. a statutory obligation.

11.2. a contractual obligation; and

11.2.3. a legitimate interest, your consent, or the withdrawal thereof, would not necessitate the erasure of your Personal Information, as your consent is not necessary for the processing of such Personal Information.

        12. DIRECT MARKETING

12.1. We may Process your Personal Information for the purposes of providing you with information regarding services that may be of interest to you. You may unsubscribe free at any time.

ANNEXURE A – DEFINITIONS

1.1. “Operator” means any person or entity that Processes Personal Information on behalf of

the Responsible Party.

1.2. “Personal Information” means information that is about any individual, or from which any individual is directly or indirectly identifiable, by reference to an identifier such

as a name, an identification number, location data, an online identifier or to one or more

factors specific to the physical, physiological, genetic, mental, economic, cultural or social

identity of that individual.

1.3. “POPIA” means the Protection of Personal Information Act 4 of 2013.

1.4. “Process”, “Processing” or “Processed” means anything that is done with any Personal Information, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.5. “Responsible Party” means the entity that decides how and why Personal Information is Processed, being the company.

1.6. “Sensitive Personal Information” means Personal Information about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that may be deemed to be sensitive under applicable law.

1.7. “Service Provider” means third party providers of various services whom we engage, including, but not limited to, providers of information technology, communication, file storage, data storage, copying, printing, accounting or auditing services, independent contractors, and our insurers.

1.8. “Website” means any website operated, or maintained, by us or on our behalf.

INGENISO STUDENT ACCOMMODATION (PTY) LTD